CGIWrap related configuration question, (!)

12/02/2007, 19h47

Anyone know how to create custom cgiwrap error messages? PHP is
installed and working, and inclusion of standard .htaccess 404 custom
error paths seem to not affect the browser error generated below if I
go to a non-existant .php page, however .htm will bounce.

-----

CGIWrap Error: Execution of this script not permitted

CGIWrap Error: Request Error

There is a problem with the request. Please contact the owner of the
site you are trying to access.

Server Data:

Server Administrator/Contact: webmaster@

Request Data:

User Agent/Browser: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-
US; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9
Request Method: GET
Remote Host:
Remote Address:
Remote Port: 3602

12/02/2007, 20h19

iowa@rock.com wrote:

> Anyone know how to create custom cgiwrap error messages? PHP is
> installed and working, and inclusion of standard .htaccess 404 custom
> error paths seem to not affect the browser error generated below if I
> go to a non-existant .php page, however .htm will bounce.

> CGIWrap Error: Execution of this script not permitted

CGI Wrap generates its own error messages independent of Apache.
You will not view custom cgi related error messages from Apache
while CGI Wrap is running, least you should not.

My experience with CGI Wrap, over many years, is this software
creates more problems than solved and affords no greater cgi
security than Apache offers. CGI Wrap simply confines your cgi
programs to a single account owner, if configured correctly.
Primary purpose of CGI Wrap is to protect Apache root and to
protect machine root, not to provide general cgi security.

My personal opinion is you will do much better to dump CGI Wrap,
then focus on adding time tested proven cgi security methods.
You will find literally thousands of reference sources on the
internet addressing cgi security. Writing your own security
measures will afford significantly more security than your
CGI Wrap can afford.

Ivan Ristic offers an excellent Apache module, mod_security.
His module is a great beginning point but not an ending point.

http://www.modsecurity.org/

His module is of exceptionally excellent quality; the very best.

Google "cgi security" for literally thousands of reference sources
related to effective and good cgi security techniques.

Purl Gurl

13/02/2007, 02h42

Thank you very much for the detailed information. Can you please just
confirm, or maybe there is a better Usenet group for this question, to
how to modify CGIWrap error screens period. I would rather not see
them and it still seems to me to be a conflict if .htaccess 404 does
not apply to non-existent PHP pages. I am kinda stuck with this
configuration PHP CGIWrap configure, but still at this moment based on
what you stay totally 100% sure if maybe some way does exists to
customize, or even turn off those error screens for the PHP CGIWrap in
use.

13/02/2007, 07h21

iowa@rock.com wrote:

> Thank you very much for the detailed information. Can you please just
> confirm, or maybe there is a better Usenet group for this question, to
> how to modify CGIWrap error screens period. I would rather not see
> them and it still seems to me to be a conflict if .htaccess 404 does
> not apply to non-existent PHP pages. I am kinda stuck with this
> configuration PHP CGIWrap configure, but still at this moment based on
> what you stay totally 100% sure if maybe some way does exists to
> customize, or even turn off those error screens for the PHP CGIWrap in
> use.

http://cgiwrap.sourceforge.net/

http://cgiwrap.sourceforge.net/install.html

http://cgiwrap.sourceforge.net/accesscontrol.html

http://cgiwrap.sourceforge.net/tricks.html

http://cgiwrap.sourceforge.net/changes.html

Purl Gurl

12/02/2007, 19h47	#1
iowa@rock.com Messages: n/a Hébergeur:	CGIWrap related configuration question, (!) Anyone know how to create custom cgiwrap error messages? PHP is installed and working, and inclusion of standard .htaccess 404 custom error paths seem to not affect the browser error generated below if I go to a non-existant .php page, however .htm will bounce. ----- CGIWrap Error: Execution of this script not permitted CGIWrap Error: Request Error There is a problem with the request. Please contact the owner of the site you are trying to access. Server Data: Server Administrator/Contact: webmaster@ Request Data: User Agent/Browser: Mozilla/5.0 (Windows; U; Windows NT 5.1; en- US; rv:1.8.0.9) Gecko/20061206 Firefox/1.5.0.9 Request Method: GET Remote Host: Remote Address: Remote Port: 3602

12/02/2007, 20h19	#2
Purl Gurl Messages: n/a Hébergeur:	Re: CGIWrap related configuration question, (!) iowa@rock.com wrote: > Anyone know how to create custom cgiwrap error messages? PHP is > installed and working, and inclusion of standard .htaccess 404 custom > error paths seem to not affect the browser error generated below if I > go to a non-existant .php page, however .htm will bounce. > CGIWrap Error: Execution of this script not permitted CGI Wrap generates its own error messages independent of Apache. You will not view custom cgi related error messages from Apache while CGI Wrap is running, least you should not. My experience with CGI Wrap, over many years, is this software creates more problems than solved and affords no greater cgi security than Apache offers. CGI Wrap simply confines your cgi programs to a single account owner, if configured correctly. Primary purpose of CGI Wrap is to protect Apache root and to protect machine root, not to provide general cgi security. My personal opinion is you will do much better to dump CGI Wrap, then focus on adding time tested proven cgi security methods. You will find literally thousands of reference sources on the internet addressing cgi security. Writing your own security measures will afford significantly more security than your CGI Wrap can afford. Ivan Ristic offers an excellent Apache module, mod_security. His module is a great beginning point but not an ending point. http://www.modsecurity.org/ His module is of exceptionally excellent quality; the very best. Google "cgi security" for literally thousands of reference sources related to effective and good cgi security techniques. Purl Gurl

13/02/2007, 02h42	#3
iowa@rock.com Messages: n/a Hébergeur:	Re: CGIWrap related configuration question, (!) Thank you very much for the detailed information. Can you please just confirm, or maybe there is a better Usenet group for this question, to how to modify CGIWrap error screens period. I would rather not see them and it still seems to me to be a conflict if .htaccess 404 does not apply to non-existent PHP pages. I am kinda stuck with this configuration PHP CGIWrap configure, but still at this moment based on what you stay totally 100% sure if maybe some way does exists to customize, or even turn off those error screens for the PHP CGIWrap in use.

13/02/2007, 07h21	#4
Purl Gurl Messages: n/a Hébergeur:	Re: CGIWrap related configuration question, (!) iowa@rock.com wrote: > Thank you very much for the detailed information. Can you please just > confirm, or maybe there is a better Usenet group for this question, to > how to modify CGIWrap error screens period. I would rather not see > them and it still seems to me to be a conflict if .htaccess 404 does > not apply to non-existent PHP pages. I am kinda stuck with this > configuration PHP CGIWrap configure, but still at this moment based on > what you stay totally 100% sure if maybe some way does exists to > customize, or even turn off those error screens for the PHP CGIWrap in > use. http://cgiwrap.sourceforge.net/ http://cgiwrap.sourceforge.net/install.html http://cgiwrap.sourceforge.net/accesscontrol.html http://cgiwrap.sourceforge.net/tricks.html http://cgiwrap.sourceforge.net/changes.html Purl Gurl

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email